
Commit 2338c32

committed
patch 8.1.0170: invalid memory use with complicated pattern
Problem: Invalid memory use with complicated pattern. (Andy Massimino) Solution: Reallocate the list of listids when needed. (closes #3175) Remove unnecessary function prototypes.
1 parent a9defad commit 2338c32


2 files changed

+13
-62
lines changed


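--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -282,41 +282,11 @@ static int nfa_alt_listid;
 /* 0 for first call to nfa_regmatch(), 1 for recursive call. */
 static int nfa_ll_index = 0;
 
-static int nfa_regcomp_start(char_u *expr, int re_flags);
-static int nfa_get_reganch(nfa_state_T *start, int depth);
-static int nfa_get_regstart(nfa_state_T *start, int depth);
-static char_u *nfa_get_match_text(nfa_state_T *start);
 static int realloc_post_list(void);
-static int nfa_recognize_char_class(char_u *start, char_u *end, int extra_newl);
-static int nfa_emit_equi_class(int c);
-static int nfa_regatom(void);
-static int nfa_regpiece(void);
-static int nfa_regconcat(void);
-static int nfa_regbranch(void);
 static int nfa_reg(int paren);
 #ifdef DEBUG
-static void nfa_set_code(int c);
-static void nfa_postfix_dump(char_u *expr, int retval);
-static void nfa_print_state(FILE *debugf, nfa_state_T *state);
 static void nfa_print_state2(FILE *debugf, nfa_state_T *state, garray_T *indent);
-static void nfa_dump(nfa_regprog_T *prog);
-#endif
-static int *re2post(void);
-static nfa_state_T *alloc_state(int c, nfa_state_T *out, nfa_state_T *out1);
-static void st_error(int *postfix, int *end, int *p);
-static int nfa_max_width(nfa_state_T *startstate, int depth);
-static nfa_state_T *post2nfa(int *postfix, int *end, int nfa_calc_size);
-static void nfa_postprocess(nfa_regprog_T *prog);
-static int check_char_class(int class, int c);
-static void nfa_save_listids(nfa_regprog_T *prog, int *list);
-static void nfa_restore_listids(nfa_regprog_T *prog, int *list);
-static int nfa_re_num_cmp(long_u val, int op, long_u pos);
-static long nfa_regtry(nfa_regprog_T *prog, colnr_T col, proftime_T *tm, int *timed_out);
-static long nfa_regexec_both(char_u *line, colnr_T col, proftime_T *tm, int *timed_out);
-static regprog_T *nfa_regcomp(char_u *expr, int re_flags);
-static void nfa_regfree(regprog_T *prog);
-static int nfa_regexec_nl(regmatch_T *rmp, char_u *line, colnr_T col, int line_lbr);
-static long nfa_regexec_multi(regmmatch_T *rmp, win_T *win, buf_T *buf, linenr_T lnum, colnr_T col, proftime_T *tm, int *timed_out);
+#endif
 static int match_follows(nfa_state_T *startstate, int depth);
 static int failure_chance(nfa_state_T *state, int depth);
 
@@ -2876,13 +2846,6 @@ struct Frag
 };
 typedef struct Frag Frag_T;
 
-static Frag_T frag(nfa_state_T *start, Ptrlist *out);
-static Ptrlist *list1(nfa_state_T **outp);
-static void patch(Ptrlist *l, nfa_state_T *s);
-static Ptrlist *append(Ptrlist *l1, Ptrlist *l2);
-static void st_push(Frag_T s, Frag_T **p, Frag_T *stack_end);
-static Frag_T st_pop(Frag_T **p, Frag_T *stack);
-
 /*
 * Initialize a Frag_T struct and return it.
 */
@@ -3917,9 +3880,7 @@ typedef struct
 } nfa_list_T;
 
 #ifdef ENABLE_LOG
-static void log_subsexpr(regsubs_T *subs);
 static void log_subexpr(regsub_T *sub);
-static char *pim_info(nfa_pim_T *pim);
 
 static void
 log_subsexpr(regsubs_T *subs)
@@ -3974,25 +3935,15 @@ pim_info(nfa_pim_T *pim)
 #endif
 
 /* Used during execution: whether a match has been found. */
-static int nfa_match;
+static int nfa_match;
 #ifdef FEAT_RELTIME
 static proftime_T *nfa_time_limit;
 static int *nfa_timed_out;
 static int nfa_time_count;
 #endif
 
-static void copy_pim(nfa_pim_T *to, nfa_pim_T *from);
-static void clear_sub(regsub_T *sub);
 static void copy_sub(regsub_T *to, regsub_T *from);
-static void copy_sub_off(regsub_T *to, regsub_T *from);
-static void copy_ze_off(regsub_T *to, regsub_T *from);
-static int sub_equal(regsub_T *sub1, regsub_T *sub2);
-static int match_backref(regsub_T *sub, int subidx, int *bytelen);
-static int has_state_with_pos(nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim);
 static int pim_equal(nfa_pim_T *one, nfa_pim_T *two);
-static int state_in_list(nfa_list_T *l, nfa_state_T *state, regsubs_T *subs);
-static regsubs_T *addstate(nfa_list_T *l, nfa_state_T *state, regsubs_T *subs_arg, nfa_pim_T *pim, int off);
-static void addstate_here(nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int *ip);
 
 /*
 * Copy postponed invisible match info from "from" to "to".
@@ -5018,8 +4969,6 @@ match_backref(
 
 #ifdef FEAT_SYN_HL
 
-static int match_zref(int subidx, int *bytelen);
-
 /*
 * Check for a match with \z subexpression "subidx".
 * Return TRUE if it matches.
@@ -5095,7 +5044,6 @@ nfa_re_num_cmp(long_u val, int op, long_u pos)
 return val == pos;
 }
 
-static int recursive_regmatch(nfa_state_T *state, nfa_pim_T *pim, nfa_regprog_T *prog, regsubs_T *submatch, regsubs_T *m, int **listids);
 static int nfa_regmatch(nfa_regprog_T *prog, nfa_state_T *start, regsubs_T *submatch, regsubs_T *m);
 
 /*
@@ -5110,7 +5058,8 @@ recursive_regmatch(
 nfa_regprog_T *prog,
 regsubs_T *submatch,
 regsubs_T *m,
-int **listids)
+int **listids,
+int *listids_len)
 {
 int save_reginput_col = (int)(reginput - regline);
 int save_reglnum = reglnum;
@@ -5212,14 +5161,16 @@ recursive_regmatch(
 {
 /* Already calling nfa_regmatch() recursively. Save the lastlist[1]
 * values and clear them. */
-if (*listids == NULL)
+if (*listids == NULL || *listids_len < nstate)
 {
+vim_free(*listids);
 *listids = (int *)lalloc(sizeof(int) * nstate, TRUE);
 if (*listids == NULL)
 {
 EMSG(_("E878: (NFA) Could not allocate memory for branch traversal!"));
 return 0;
 }
+*listids_len = nstate;
 }
 nfa_save_listids(prog, *listids);
 need_restore = TRUE;
@@ -5279,9 +5230,6 @@ recursive_regmatch(
 return result;
 }
 
-static int skip_to_start(int c, colnr_T *colp);
-static long find_match_text(colnr_T startcol, int regstart, char_u *match_text);
-
 /*
 * Estimate the chance of a match with "state" failing.
 * empty match: 0
@@ -5570,6 +5518,7 @@ nfa_regmatch(
 nfa_list_T *thislist;
 nfa_list_T *nextlist;
 int *listids = NULL;
+int listids_len = 0;
 nfa_state_T *add_state;
 int add_here;
 int add_count;
@@ -5898,7 +5847,7 @@ nfa_regmatch(
 * follows.
 */
 result = recursive_regmatch(t->state, NULL, prog,
-submatch, m, &listids);
+submatch, m, &listids, &listids_len);
 if (result == NFA_TOO_EXPENSIVE)
 {
 nfa_match = result;
@@ -6016,7 +5965,7 @@ nfa_regmatch(
 
 /* First try matching the pattern. */
 result = recursive_regmatch(t->state, NULL, prog,
-submatch, m, &listids);
+submatch, m, &listids, &listids_len);
 if (result == NFA_TOO_EXPENSIVE)
 {
 nfa_match = result;
@@ -6783,7 +6732,7 @@ nfa_regmatch(
 fprintf(log_fd, "\n");
 #endif
 result = recursive_regmatch(pim->state, pim,
-prog, submatch, m, &listids);
+prog, submatch, m, &listids, &listids_len);
 pim->result = result ? NFA_PIM_MATCH : NFA_PIM_NOMATCH;
 /* for \@! and \@<! it is a match when the result is
 * FALSE */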
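Review bot: In the hunk at new line 5164 of recursive_regmatch(), the capacity check and the allocation are both sized by `nstate`, but the buffer is then filled by `nfa_save_listids(prog, *listids)`, which is given the program rather than a length. If that helper writes one entry per state of `prog` (its body is not in this diff, so this is inferred), the check bounds the write only while `nstate` and the state count of `prog` agree. Sizing by the program's own count, e.g. `if (*listids == NULL || *listids_len < prog->nstate)` with the same value in the `lalloc()` call and in the `*listids_len = ...` assignment, would tie the capacity to what is actually written. The new parameter is also undocumented; the function comment could say `"listids_len" is the number of ints allocated in "*listids"`. The body of recursive_regmatch() starts and ends outside this hunk.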

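--- a/src/version.c
+++ b/src/version.c
@@ -789,6 +789,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+170,
 /**/
 169,
 /**/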
